PROFESSIONAL-CLOUD-SECURITY-ENGINEER Exam Questions
381 real PROFESSIONAL-CLOUD-SECURITY-ENGINEER exam questions with expert-verified answers and explanations. Page 4 of 8.
- Question #151: Configuring network security
You perform a security assessment on a customer architecture and discover that multiple VMs have public IP addresses. After providing a recommendation to remove the public IP addre...
Cloud NAT, Outbound internet access, Private IP addresses, Network security
- Question #152: Ensuring compliance
You are tasked with exporting and auditing security logs for login activity events for Google Cloud console and API calls that modify configurations to Google Cloud resources. Your...
Cloud Logging, Audit Logs, SIEM Integration, Google Workspace
- Question #153: Ensuring compliance
Your company's Chief Information Security Officer (CISO) creates a requirement that business data must be stored in specific locations due to regulatory requirements that affect th...
Data Residency, Organization Policy, Resource Hierarchy, Compliance Enforcement
- Question #154: Configuring network security
You need to set up a Cloud Interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can onl...
VPC Service Controls, Private API access, Cloud Interconnect, Data exfiltration prevention
- Question #155: Ensuring data protection
You need to implement an encryption-at-rest strategy that protects sensitive data and reduces key management complexity for non-sensitive data. Your solution has the following requ...
Encryption-at-rest, Cloud KMS, Key Management, Data Security Policies
- Question #156: Ensuring data protection
Your security team uses encryption keys to ensure confidentiality of user data. You want to establish a process to reduce the impact of a potentially compromised symmetric encrypti...
Cloud KMS, Key Rotation, Symmetric Encryption, Data Protection
- Question #157: Ensuring data protection
A database administrator notices malicious activities within their Cloud SQL instance. The database administrator wants to monitor the API calls that read the configuration or meta...
Cloud Logging, Audit Logs, Cloud SQL Security, Security Monitoring
- Question #158: Ensuring compliance
Your company's chief information security officer (CISO) is requiring business data to be stored in specific locations due to regulatory requirements that affect the company's glob...
Data Residency, Organization Policy, Resource Hierarchy, Regulatory Compliance
- Question #159: Ensuring data protection
You are backing up application logs to a shared Cloud Storage bucket that is accessible to both the administrator and analysts. Analysts should not have access to logs that contain...
Cloud DLP, Cloud Storage, Serverless Automation, PII Handling
- Question #160: Ensuring data protection
You work for an organization in a regulated industry that has strict data protection requirements. The organization backs up their data in the cloud. To comply with data privacy re...
Data Retention, Cloud Storage, Object Lifecycle Management, Data Privacy
- Question #161: Ensuring compliance
You have been tasked with configuring Security Command Center for your organization's Google Cloud environment. Your security team needs to receive alerts of potential crypto minin...
Security Command Center, Threat Detection, Security Misconfiguration, Cloud Security Monitoring
- Question #162: Configuring access within a cloud solution environment
You have noticed an increased number of phishing attacks across your enterprise user accounts. You want to implement the Google 2-Step Verification (2SV) option that uses a cryptog...
2-Step Verification (2SV), Phishing resistance, Security Keys, Authentication
- Question #163: Configuring network security
Your organization hosts a financial services application running on Compute Engine instances for a third-party company. The third-party company's servers that will consume the appl...
VPC Peering, Network Security, Cross-Organization Connectivity, Private IP Communication
- Question #164: Managing operations within a cloud solution environment
Your company's new CEO recently sold two of the company's divisions. Your Director asks you to help migrate the Google Cloud projects associated with those divisions to a new organ...
Project Migration, VPC Service Controls, Resource Hierarchy, Organization Management
- Question #165: Ensuring compliance
You are a consultant for an organization that is considering migrating their data from its private cloud to Google Cloud. The organization's compliance team is not familiar with Go...
Data residency, Compliance, Organization Policy Service, Resource location constraints
- Question #166: Configuring access within a cloud solution environment
Your security team wants to reduce the risk of user-managed keys being mismanaged and compromised. To achieve this, you need to prevent developers from creating user-managed servic...
Organization Policy, Service Accounts, IAM, Key Management
- Question #167: Configuring access within a cloud solution environment
You are responsible for managing your company's identities in Google Cloud. Your company enforces 2-Step Verification (2SV) for all users. You need to reset a user's access, but th...
Identity and Access Management, 2-Step Verification (2SV), Google Admin Console, User Account Recovery
- Question #168: Configuring access within a cloud solution environment
Which Google Cloud service should you use to enforce access control policies for applications and resources?
Identity-Aware Proxy, Access Control, Application Security, Authentication
- Question #169: Configuring access within a cloud solution environment
You want to update your existing VPC Service Controls perimeter with a new access level. You need to avoid breaking the existing perimeter with this change, and ensure the least di...
VPC Service Controls, Perimeter Management, Access Levels, Dry Run Testing
- Question #170: Configuring network security
Your organization's Google Cloud VMs are deployed via an instance template that configures them with a public IP address in order to host web services for external users. The VMs r...
Load Balancing, Shared VPC, Network Security, VM Networking
- Question #171: Ensuring data protection
Your privacy team uses crypto-shredding (deleting encryption keys) as a strategy to delete personally identifiable information (PII). You need to implement this practice on Google...
Crypto-shredding, Customer-Managed Encryption Keys (CMEK), Data Protection, Key Management Service (KMS)
- Question #172: Managing operations within a cloud solution environment
You need to centralize your team's logs for production projects. You want your team to be able to search and analyze the logs using Logs Explorer. What should you do?
Cloud Logging, Aggregate Sinks, Centralized Logging, Logs Explorer
- Question #173: Ensuring data protection
You need to use Cloud External Key Manager to create an encryption key to encrypt specific BigQuery data at rest in Google Cloud. Which steps should you do first?
Cloud EKM, Data Encryption, External Key Management, BigQuery Encryption
- Question #174: Configuring network security
Your company's cloud security policy dictates that VM instances should not have an external IP address. You need to identify the Google Cloud service that will allow VM instances w...
Cloud NAT, Private VMs, Outbound Internet Access, Network Security
- Question #175: Configuring access within a cloud solution environment
You want to make sure that your organization's Cloud Storage buckets cannot have data publicly available to the internet. You want to enforce this across all Cloud Storage buckets....
Cloud Storage Security, Uniform Bucket-Level Access, Organization Policies, Public Access Prevention
- Question #176: Configuring access within a cloud solution environment
Your company plans to move most of its IT infrastructure to Google Cloud. They want to leverage their existing on-premises Active Directory as an identity provider for Google Cloud...
Google Cloud Directory Sync (GCDS), Cloud Identity, Active Directory Integration, IAM Groups
- Question #177: Configuring access within a cloud solution environment
You are in charge of creating a new Google Cloud organization for your company. Which two actions should you take when creating the super administrator accounts? (Choose two.)
Super Administrator Accounts, Multi-Factor Authentication (MFA), Least Privilege Principle, Organization Security
- Question #178: Ensuring compliance
You are deploying a web application hosted on Compute Engine. A business requirement mandates that application logs are preserved for 12 years and data is kept within European boun...
Cloud Logging, Log Sinks, Data Retention, Data Residency
- Question #179: Ensuring data protection
You discovered that sensitive personally identifiable information (PII) is being ingested to your Google Cloud environment in the daily ETL process from an on-premises environment...
DLP, KMS, Data Redaction, Deterministic Encryption
- Question #180: Ensuring data protection
You are working with a client that is concerned about control of their encryption keys for sensitive data. The client does not want to store encryption keys at rest in the same clo...
Encryption Key Management, Customer-Supplied Encryption Keys (CSEK), Cloud External Key Manager (Cloud EKM), Data Encryption
- Question #181: Ensuring data protection
You are implementing data protection by design and in accordance with GDPR requirements. As part of design reviews, you are told that you need to manage the encryption key for a so...
Encryption key management, Data at rest encryption, Cloud KMS, GDPR compliance
- Question #182: Configuring access within a cloud solution environment
Which Identity-Aware Proxy role should you grant to an Identity and Access Management (IAM) user to access HTTPS resources?
Identity-Aware Proxy, IAM Roles, Access Control, Web Application Security
- Question #183: Configuring network security
You need to audit the network segmentation for your Google Cloud footprint. You currently operate Production and Non-Production infrastructure-as-a-service (IaaS) environments. All...
VPC Firewall Rules, Network Segmentation, Service Accounts, Firewall Rule Priority
- Question #184: Configuring network security
You are creating a new infrastructure CI/CD pipeline to deploy hundreds of ephemeral projects in your Google Cloud organization to enable your users to interact with Google Cloud....
Organization Policies, Network Security, Infrastructure Provisioning, CI/CD
- Question #185: Configuring access within a cloud solution environment
You are a security administrator at your company and are responsible for managing access controls (identification, authentication, and authorization) on Google Cloud. Which Google-...
Access Management, Authentication, Authorization, IAM
- Question #186: Configuring network security
You have been tasked with inspecting IP packet data for invalid or malicious content. What should you do?
Packet Mirroring, Network Security Monitoring, Traffic Analysis, Security Operations
- Question #187: Ensuring compliance
You have the following resource hierarchy. There is an organization policy at each node in the hierarchy as shown. Which load balancer types are denied in VPCA?
Google Cloud Organization Policy, Policy Inheritance, Load Balancer Constraints
- Question #188: Ensuring data protection
Your security team wants to implement a defense-in-depth approach to protect sensitive data stored in a Cloud Storage bucket. Your team has the following requirements: - The Cloud...
VPC Service Controls, Data Exfiltration Prevention, Security Perimeter, Cloud Storage Security
- Question #189: Configuring network security
You need to create a VPC that enables your security team to control network resources such as firewall rules. How should you configure the network to allow for separation of duties...
Shared VPC, Network Security, Separation of Duties, Firewall Management
- Question #190: Managing operations within a cloud solution environment
You are onboarding new users into Cloud Identity and discover that some users have created consumer user accounts using the corporate domain name. How should you manage these consu...
Cloud Identity, User Management, Unmanaged Accounts, Account Transfer
- Question #191: Configuring access within a cloud solution environment
You have created an OS image that is hardened per your organization's security standards and is being stored in a project managed by the security team. As a Google Cloud administra...
IAM, Organization Policy, Image Management, Security Governance
- Question #192: Configuring access within a cloud solution environment
You're developing the incident response plan for your company. You need to define the access strategy that your DevOps team will use when reviewing and investigating a deployment i...
IAM, Service Accounts, Least Privilege, Temporary Access
- Question #193: Ensuring data protection
You are working with a client who plans to migrate their data to Google Cloud. You are responsible for recommending an encryption service to manage their encrypted keys. You have t...
Cloud HSM, Key Management, FIPS 140-2 Level 3, Customer-Managed Encryption Keys
- Question #194: Configuring network security
You manage your organization's Security Operations Center (SOC). You currently monitor and detect network traffic anomalies in your VPCs based on network logs. However, you want to...
Packet Mirroring, Network Monitoring, Network Security, Traffic Analysis
- Question #195: Ensuring data protection
You are consulting with a client that requires end-to-end encryption of application data (including data in transit, data in use, and data at rest) within Google Cloud. Which optio...
End-to-end encryption, Confidential Computing, Client-side encryption, Data in use protection
- Question #196: Ensuring data protection
You need to enforce a security policy in your Google Cloud organization that prevents users from exposing objects in their buckets externally. There are currently no buckets in you...
Organization Policy, Cloud Storage Security, Public Access Prevention, Data Exposure Prevention
- Question #197: Configuring network security
Your company requires the security and network engineering teams to identify all network anomalies and be able to capture payloads within VPCs. Which method should you use?
Packet Mirroring, Network Security Monitoring, VPC Security, Payload Capture
- Question #198: Ensuring data protection
An organization wants to track how bonus compensations have changed over time to identify employee outliers and correct earning disparities. This task must be performed without exp...
Data Loss Prevention, Format-preserving encryption, Data privacy, Pseudonymization
- Question #199: Configuring network security
You need to set up a Cloud Interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only...
Cloud Interconnect, Private Google Access, VPC Service Controls, API Security
- Question #200: Ensuring compliance
Your organization develops software involved in many open source projects and is concerned about software supply chain threats. You need to deliver provenance for the build to demo...
Software Supply Chain Security, SLSA, Software Provenance, Cloud Build